Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g are required components for Oracle Portal, Forms, Reports and Discoverer Release 10g and Release 11g.
Overview of the Installation Steps
- Executing inspre11.pl
- SSO Repository Creation
- Install SSO 10.1.4.0.1 and upgrade it to 10.1.4.3
More detail for the steps below can be found in Oracle’s documentation.
execute inspre11.pl with –op1. The –op1 flag will enable anonymous bind, disable entry cache and change the OID version from 11.1.1.1.0 to 10.1.4.0.1 so the SSO repository creation assistant will be able to load the schema.
On the database tier set your ORACLE_HOME environment variable to your IDM installation, and ORACLE_INSTANCE to the instance home location. Execute inspre11.pl with the –op1 parameter.
The syntax for inspre11.pl is:
$OID11gR1_ORACLE_HOME/perl/bin/perl \
$OID11gR1_ORACLE_HOME/ldap/bin/inspre11.pl OID_HOST OID_PORT {-ssl | -nonssl} \
OID_COMPONENT DB_CONNECT_STRING ODS_PASSWORD ORCLADMIN_PASSWORD \
{-op1 | -op2 | -op3}
In part 2, I used the same password for all of the accounts, so ODS_PASSWORD and ORCLADMIN_PASSWORD is the same. That’s why you will see password specified twice in my example below:
[oracle@vm2 Oracle_IDM1]$ ORACLE_HOME=/u01/app/oracle/product/mid11g/Oracle_IDM1; export ORACLE_HOME
[oracle@vm2 Oracle_IDM1]$ ORACLE_INSTANCE=/u01/app/oracle/product/mid11g/IDMasinst_1; export ORACLE_INSTANCE
[oracle@vm2 Oracle_IDM1]$ $ORACLE_HOME/perl/bin/perl $ORACLE_HOME/ldap/bin/inspre11.pl vm2 3060 -nonssl oid1 vm2:1521:FMWD password password –op1
Use RepCA to load SSO and other schemas against DB before running -op2
SSO Repository Creation
In part 2 we used a repository creation utility to load the IDM, Portal and SOA 11g schemas. Since SSO is a previous version (10g), we need to use a different repository creation utility (RCU). The 11g RCU is much nicer because it doesn’t need to be installed before you can use it. The 10g SSO RCU needs to be installed like other Oracle products before it can be installed.
The 10g SSO RCU is 32bit, so if your trying to install this on a 64bit environment, you have to type linux32 bash before you launch the runInstaller. Even tho I ran it from a 32bit shell I still encountered issues. Since you don’t need the 10g SSO RCU after you load the SSO schema I decided to install it on an old 32bit server instead of trying to figure out what was wrong.
Unzip the 10g SSO RCU archive and launch the runInstaller:
Click on the Next button.
Verify the inventory directory and change it to suit your environment. Then click on the Next button.
Make sure you execute the orainstRoot.sh script before clicking on the Continue button.
[root@appTier oraInventory]# ./orainstRoot.sh
Creating the Oracle inventory pointer file (/etc/oraInst.loc)
Changing groupname of /home/oracle/oraInventory to oinstall.
Creating the Oracle inventory pointer file (/etc/oraInst.loc)
Changing groupname of /home/oracle/oraInventory to oinstall.
Change if necessary and click on the Next button.
I hit this warning, I can’t remember which kernel parameter was at issue but after I reviewed the problem I determined it was ok to proceed. The next time I install it, I’ll take better notes. Click on the Yes button.
If you need other languages select them and click on the Next button.
Verify that Yes is selected so that the RCU assistant launches automatically after the installation is finished and click on the Next button.
Click on the Install button.
The RCU assistant will automatically start and show the screen below:
Click on the Next button:
Enter the path of the Oracle Home directory for the database installed in Part 2. As well, select a log file directory and click on the Next button
.
We need to load the schema and register it, so verify that the Load and Register option is selected and click on the Next button:
Enter the information for the database created in Part 2.
It appears that the SSO Repca utility ignores the SGA_TARGET parameter and looks explicitly for the various SGA parmeters to make sure your database is sized correctly and setup correctly. As long as your SGA_TARGET is set high enough you can quickly login to your database, execute the commands below and continue with the RCU assistant.
SQL> alter system set aq_tm_processes =1;
SQL> alter system set db_cache_size=200M;
SQL> alter system set shared_pool_size=200M;
SQL> alter system set java_pool_size=120M;
Click on Yes, this requirement is only for 10g databases and we are not using 10g Portal.
I am using an regular file system so I selected the first option and clicked on the Next button.
Since I am on a SAN I am using the same directory for all tablespaces but if you are using multiple directories you will need to manually enter the information for each tablespace. Click on the Next button when complete.
By default the system tablespace datafile should be in autoextend in 11g but verify.
Enter the hostname for the server in which you installed Identity Management on in Part 2. By default the SSL port is 3131 but if you are unsure you can look at the installation summary file you should have saved back in Part 2.
Enter the password for orcladmin which you specified while installing Oracle Identity Management in Part 2.
I choose the default and clicked on Next.
Once the SSO repository has been loaded into your database you will be presented with the following screen. Click OK and your finished.
The 10g SSO RCU changes the ODS password for some reason so you need to change it back to the one you used back in Part 2.
Login to your database via SQL*Plus and change the ODS password using
alter user ods identified by PASSWORD, where PASSWORD represents the ODS schema password before running the 10g SSO RCU Assistant. SQL> alter user ods identified by password;
User altered
Login to the server in which Oracle Identity Management was installed and set the ORACLE_HOME, ORACLE_INSTANCE and TNS_ADMIN environment variables to reflect the IDM install and create a wallet:
[oracle@vm2 ~]$ ORACLE_HOME=/u01/app/oracle/product/mid11g/Oracle_IDM1; export ORACLE_HOME
[oracle@vm2 ~]$ ORACLE_INSTANCE=/u01/app/oracle/product/mid11g/IDMasinst_1; export ORACLE_INSTANCE
[oracle@vm2 ~]$ TNS_ADMIN=$ORACLE_INSTANCE/config; export TNS_ADMIN
[oracle@vm2 ~]$ cat $TNS_ADMIN/tnsnames.ora
OIDDB=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=vm2)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=FMWD)))
[oracle@vm2 ~]$ $ORACLE_HOME/ldap/bin/oidpasswd connect=OIDDB create_wallet=true
password:
confirm password:
Replication password file exists
password set
Restart Oracle Internet Directory:
[oracle@vm2 bin]$ cd $ORACLE_INSTANCE/bin
[oracle@vm2 bin]$ pwd
/u01/app/oracle/product/mid11g/IDMasinst_1/bin
[oracle@vm2 bin]$ ./opmnctl stopall;
opmnctl stopall: stopping opmn and all managed processes...
[oracle@vm2 bin]$ ./opmnctl startall;
opmnctl startall: starting opmn and all managed processes...
Execute the inspre11.pl script with -op2, which resets the Oracle Internet Directory version and allows you to install Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.0.1). The -op2 option will also verify the orcldirectoryversion attribute has a value of OID 10.1.4.0.1.
[oracle@vm2 bin]$ $ORACLE_HOME/perl/bin/perl $ORACLE_HOME/ldap/bin/inspre11.pl vm2 3060 -nonssl oid1 OIDDB password password -op2
Install SSO/DAS against 11g OID before running -op3
Above when we executed inspre11.pl with the –op1 flag we used vm2:1521:FMWD for the database information. For some reason, with the –op2 flag, you will get an error. See the following note for details. Since we set the TNS_ADMIN environment variable above, we can pass the tnsnames.ora entry, which is OIDDB.
Subject: Inspre11.Pl Fails With Error Message No Such File Or Directory At Line 310 Doc ID: 876623.1
Install Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.0.1) and Upgrade to 10.1.4.3
On your application their unzip the SSO media and launch the runInstaller.
Click on the Next button:
Specify the directory for the SSO Oracle Home and click on the Next button.
Select Oracle Application Server Infrastructure 10g for the Single Sign-On (SSO) component and click on the Next button.
We already created the SSO repository, so select the second option Identity Management and click on the Next button.
If you haven’t already review Note 465847.1, it lists the required packages for OEL 5 and if you made the OS changes listed in Part 1 then you should be fine. So I ignored this error and continued.. I’m pretty sure it was looking for packages I have installed but of a lower release level. Click on Next to continue.
You’ll need to execute the root.sh script as part of this install. Click on the Next button to continue.
We are only using SSO and Delegated Administration Services, so I de-selected the other options and clicked on the Next button.
Click on the Next button.
Enter the hostname and port number for your IDM install from Part 2.
Enter the password for the orcladmin account which you specified during the IDM install in Part 2.
Create an Instance Name, I put SSO in front of the instance name to keep it logical. After you enter a password click on the Next button.
Click on the Install button.
During the install you may see this error. It can be safely ignored as per note: 465847.1
Before you click on the OK button above you should download and apply patch patch 5649850 before running run the root.sh script.
To apply this patch set your ORACLE_HOME environment variable to your SSO Oracle Home, unzip the patch, change into the patch directory and execute $ORACLE_HOME/OPatch/opatch apply.
If you get an error:
The Oracle Home /u01/app/oracle/product/mid11g/SSOHome_1 is not registered with the Central Inventory. OPatch was not able to get details of the home from the inventory.
Try upgrading Opatch to OPatch Version: 1.0.0.0.60
Once you have applied the patch click on the OK button.
Once the install has finished the configuration assistants will run. Assuming no issues are encountered you will be presented with the End of Installation screen below:
SSO has been installed but now we need to upgrade it to 10.1.4.3.0:
Upgrade SSO to 10.1.4.3.0
Upgrade Oracle Single Sign-On and Oracle Delegated Administration Services to Release 10g (10.1.4.3.0) by applying the Oracle Identity Management 10g (10.1.4.3.0) Patch Set. You can get the Oracle Identity Management 10g (10.1.4.3.0) Patch Set from My Oracle Support (formerly MetaLink) by searching for Bug or Patch Number 7215628.
Stop SSO:
If you don’t stop it beforehand I believe the installer will stop it for you.
echo "Stopping SSO Components. . ."
cd $SSO_HOME/bin
./emctl stop iasconsole
sleep 5
cd $SSO_HOME/opmn/bin
./opmnctl stopall
Download patch 7215628, unzip it and launch the runInstaller:
Click on Next.
Select the SSO Home from the drop down list and click on Next.
Enter your Metalink credentials if you would like configuration manager installed. I opted not to install it.
Enter the ias_admin password you specified during the SSO install above. Click on Next to continue.
Enter the orcladmin password from the IDM install performed in Part 2. Click on Next to continue.
Enter SYS password for the database created in Step 2.
I shutdown SSO before but if you didn’t, the installer will do that now. Click on OK to continue.
Click the on the Install button.
Once the install finishes you’ll be prompted to run the root.sh script. Perform that task and click on the OK button.
After the configuration assistants execute successfully the patch will be completed:
Click on Exit.
On the IDM server execute the inspre11.pl script with -op3, which sets the Oracle Internet Directory version back to 11g Release 1 (11.1.1).
Set the environment variables setup the IDM environment:
oracle@vm2 ~]$ ORACLE_HOME=/u01/app/oracle/product/mid11g/Oracle_IDM1; export ORACLE_HOME
[oracle@vm2 ~]$ ORACLE_INSTANCE=/u01/app/oracle/product/mid11g/IDMasinst_1; export ORACLE_INSTANCE
[oracle@vm2 ~]$ TNS_ADMIN=$ORACLE_INSTANCE/config; export TNS_ADMIN
[oracle@vm2 ~]$ORACLE_HOME/perl/bin/perl $ORACLE_HOME/ldap/bin/inspre11.pl vm2 3060 -nonssl oid1 OIDDB password password –op3
Change orcldirectoryversion to 11.1.1.1.0 and enable entrycache
Verify the install was successful by logging in to Oracle Delegated Administration Services. You should be redirected to Oracle Single Sign-On and if your able to login in successfully everything should be installed correctly.
The URL where vm7 is the server name for the application tier:
http://vm7:7777/oiddas/
Part 4 will cover the Portal and SOA Installation.
32 comments:
Hi,
Thank you for sharing.
Are you IDM(oid) and OSSO use same ODS schema??
In my test, RCU assistant select "Load and Register"
I cant reuse ODS schema.
OFM Vesrion 11.1.2
Thanks.
Mac@TW
Hi,
Really a very useful document for IDM guys.
I was trying to do the same but i was facing an issue in executing opatch. It was returning me the below error message while executing opatch
MISSING_COMPONENT : oracle.dbjava.rsf, 10.2.0.4.0
This Oracle Home does not have components/versions required by the patch.
ERROR: OPatch failed during pre-reqs check.
OPatch returns with error code = 150
Please suggest.
Thanks & Regards,
Siva Pokuri.
Mac: IDM and OSSO are using the same schema... For IDM the schemas get prefixed with a value you specify during the install.. Mine is DEV_, so there is no overlap.
Siva: I would try upgrading to the latest OPatch and make sure your environment is setup correctly.
Hi,
Thank you for sharing. I tried to do the same, but I used database 11R2 (version 11.2.0.1.0). When upgraded SSO to 10.1.4.3.0 with using 7215628 patch set, it displayed error: "Oracle Universal Installer has detected that your database is version 11.2.0.1.0. Before you can continue, you must apply a required Database patch set. Refer to My Oracle Support for the latest OracleAS Metadata Repository certification information", and install process didnt continue.
I used database 11gR2, SSO Repository Creation 10.1.4.3.1. Please help me.
Thanks & Best Regards,
Metro@TV.
I got the same error "Oracle Universal Installer has detected that your database is version 11.2.0.1.0. Before you can continue, you must apply a required Database patch set. Refer to My Oracle Support for the latest OracleAS Metadata Repository certification information"
To fix this issue, you need to apply this patch 6265268 from Metalink.
One additional note is that I also needed to replace the jar files in /inventory/Queries21/DBConnectQueries/8.4 and /inventory/Queries21/IP_DBQueries/3.0
Thanks for the info Khang!
Database 11G R2 is not compatible.
I opened a SR and received none workaround. Then, I started again using database 11G R1
Hi i am doing the exactly the same installation but in windows 2008. Now in windows after the SSO installation it does not ask to run root.sh it starts directly the configuration of the assistants so i do not have the time to apply the necessary opatch.
Any ideas how to counter this problem?
If it doesn't stop so you can run the root.sh file, then just apply the patch after. I'm pretty sure I forgot to apply it once, applied it after and everything was ok.
If that doesn't work, maybe someone else has experienced this issues, solved it and will leave a comment.
Hi Siva Pokuri,
I have the same problem as you "MISSING_COMPONENT : oracle.dbjava.rsf, 10.2.0.4.0", How i have to fix this error?.
Thanks & Regards,
Tomás.
Hi Siva Pokuri,
I have the same problem as you "MISSING_COMPONENT : oracle.dbjava.rsf, 10.2.0.4.0", How i have to fix this error?.
Thanks & Regards,
Tomás.
The "MISSING_COMPONENT : oracle.dbjava.rsf, 10.2.0.4.0" error is caused by applying a 10.2 patch on a 10.1 install. Download the correct patch version and you should be ok.
Hi
When I run the OAS 10.1.4.x installer, it says RHEL 5 is not supported.
Thnks
Ferry.
Hi,
How to install SSO Metadata Repository Creation Assistant (10.1.4.3.1)
in Windows 2008 64bit version?
It is not not installing properly.
Please guide me
Hi Ramkumar, all my platforms are linux so unfortunately I don't any tips for windows.
tnx
Hi Dave,
Thanks for your reply.
I am facing one more issue with Enterprise manager Fusion Middleware control.
If I logged out once, i could not login again. It is throwing below error.
Login failed. Error connecting to the Server
How to resolve this issue.
Same time i am able to login weblogic administration console.
Hi Ramkumar,
I'm facing the same issue. Did you get a solution for that ??
Thanks,
Vinodh
Its fixed by bouncing the Admin Server.
Thanks,
Vinodh
Did you run MRCA against the 11g database? I have a tar open currently because I can't get SSO to start. The analyst pointed me to note 740417.1. It states:
The Metadata Repository Creation Assistant (MRCA) 10.1.4.0.1 is incompatible with Database 11.1.0.6. Therefore, customers should ensure that the Metadata Repository for Oracle Internet Directory is created on a previous version of the Oracle Database and then upgrade the version to 11.1.0.6.
The high level steps are:
a) Install a separate 10.2 Database Server
b) Run MRCA 10.1.4.0.1
c) Install Identity Management 10g 10.1.4.0.1
d) Apply 10.1.4.2 or newer Patchset
e) Upgrade 10.2 to 11.1 following the Oracle Database Upgrade Guide
Did you install directly to 11.1?
This has to be one of the worst Oracle products to install and this is coming from someone who has installed a lot of them.
Are you talking about the 10g SSO repository creation utility? If so, take a look at:
http://download.oracle.com/docs/cd/E14571_01/install.1111/e12002/sso_das002.htm
If you are installing Oracle Single Sign-On and Oracle Delegated Administration Services against a Release 11.x database, you must apply Patch 5649850 for release 10.1.0.5 to the Oracle Single Sign-On ORACLE_HOME directory. Patch 5649850 updates the 10.1.0.5 JDBC driver, allowing connectivity to a Release 11.x database. If you are unable to apply this patch due to a prerequisite failure, apply Patch 6880880 for release 1 before applying patch 5649850.
SSO has to be at 10.1.4.3:
Upgrade Oracle Single Sign-On and Oracle Delegated Administration Services to Release 10g (10.1.4.3.0) by applying the Oracle Identity Management 10g (10.1.4.3.0)
I had this error:-
$ /home/oracle/Oracle/Middleware/Oracle_IDM1/perl/bin/perl /home/oracle/Oracle/Middleware/Oracle_IDM1/ldap/bin/inspre11.pl host.benar.com 3131 -ssl oid1 host.benar.com:1521:orcl.benar.com Pa$$w0rd Pa$$w0rd -op1
ldap_bind: Invalid credentials
ldap_bind: Invalid credentials
Verify that the OID Component name is correct
Enable anonymous bind using ldapmodify tool or Oracle Directory Services Manager tool
Disable entry cache using ldapmodify tool or Oracle Directory Services Manager tool
Use RepCA to load SSO and other schemas against DB before running -op2
my specifications:-
1- OEL 5.5 x86-64
2- DB 11g R2
3- WebLogic 10.3.3
4- Identity Management 11.1.1.2.0
any help please ?
ERROR - Unable to connect to the database. See the log file for details. Check that you have provided the proper service name for the database, that the database is running, the database connection information is valid, and that the database is set up for password file authentication. For more information, click the Help button.:ORA-06550: line 1, column 7:
PLS-00201: identifier 'DBMS_IAS_VERSION.SET_COMPONENT_LOADING' must be declared
ORA-06550: line 1, column 7:
PL/SQL: Statement ignored
ANY HELP ?
hi,
thanks for sharing
i am stuck at installation of SSO
i looked everywhere but just cant find Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.0.1)
i completed task untill that part but i cant go forward if anybody can tell me how to reach that file that would be great
I was getting linking issues during the MRCA 10.1.4.3.1 installation on OEL 5.5 x86_64 and the following worked for me (taken from MOS note 377359.1):
1. Remove any existing MRCA installation.
2. Backup gcc: mv /usr/bin/gcc /usr/bin/gcc.save
3. Create a text file /usr/bin/gcc with the following content:
/usr/bin/gcc.save -m32 $*
4. chmod ugo+x /usr/bin/gcc
5. Verify gcc and gcc.save files
/usr/bin/gcc.save - This is the original binary
/usr/bin/gcc - This is a text file containing one line
6. Install the MRCA software - optionally use patch 7391245 to start the installer
7. After installation, restore the original gcc binary
cp /usr/bin/gcc.save /usr/bin/gcc
Hi
Thanks for the post, it's been very useful for my 11 setup.
I am trying to install 11g FMW on RHEL 6 x86-64 OS.
All the installation works fine except the SSO 11.1.4.0.1, there is no specific download for x86-64 so I had to use x86 32 bit SSO 10.1.4.0.1 software (as_linux_x86_oim_oif_101401)
Installation goes fine till the configuration, while at configuration, after 7-8 components it fails at mod_sso configuration with below error.
Thu Jul 14 17:03:21 GMT+05:30 2011 Creating sso partner
Thu Jul 14 17:03:21 GMT+05:30 2011 Exception while accessing database: java.sql.SQLException: ORA-06510: PL/SQL: unhandled user-defined exception+
ORA-06512: at "ORASSO.WWSSO_API_PRIVATE", line 154
ORA-01403: no data found
ORA-06512: at line 1
java.sql.SQLException: ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "ORASSO.WWSSO_API_PRIVATE", line 154
ORA-01403: no data found
ORA-06512: at line 1
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:125)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:316)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:282)
Where exactly (O.S) did you install your SSO? was it on 32-bit?
Any help is appritiated.
- Tammy
I have install everything and it appears to have installed with out any errors or issues, but when I try the http://appserv:7777/oiddas/ test it fails. The IE shows the generic 500 Internal Server Error.
Any pointers at what to look at would be greatly appreciate.
Thanks,
Ron
I have install everything and it appears to have installed with out any errors or issues, but when I try the http://appserv:7777/oiddas/ test it fails. The IE shows the generic 500 Internal Server Error.
Any pointers at what to look at would be greatly appreciate.
Hi,
I need to reinstall a new env using exactly this procedure. I have done so before. But now I am no longer able to find the MRCA or RepCA that is need here (it must be MRCA 10.1.4.3.1). Also at Oracle's websites it can no longer be found. I was wondering if you still have it? And for which platform. If you do could we try to find a way that you can send it to me or that I download it from your side?
Thanks,
Torsten (my email is: torsten@pt.lu)
Just awesome topic! I was searching for the same form some time ago and found a great service with a huge forms library. BTW, if anyone needs to fill out a a form, I found a blank fillable form here http://pdf.ac/3bOcSg
Post a Comment